Thoughts on TOFU

colecmac at protonmail.com
Sat Jun 20 01:22:13 BST 2020


Two quick takeaways I made that I will add to Amfora:

* The port should be stored in the TOFU database too
* I should be storing the hash of cert.RawSubjectPublicKeyInfo and not cert.Raw


makeworld

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Friday, June 19, 2020 4:03 PM, solderpunk <solderpunk at SDF.ORG> wrote:

> On Fri, Jun 19, 2020 at 06:51:35PM +0000, colecmac at protonmail.com wrote:
>
> > Whether this is specced (as an optional client behaviour) or not, I think
> > the spirit of "mostly secure" suggests that at the very least, simple clients
> > should look at cert hash and expiry, and not just the cert public key as Felix
> > suggested in this thread originally. I think it'd be nice to see this suggestion
> > in the Best Practices file, if you agree.
>
> I want to setup an entirely separate document on TOFU practices! I
> don't want to rush into it, though. I am planning to read this paper
> over the weekend:
>
> https://rp.delaat.net/2012-2013/p56/report.pdf
>
> Feel free to join in!
>
> Cheers,
> Solderpunk
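Makeworld's two takeaways above (key the TOFU entry by host and port, and pin the SHA-256 of cert.RawSubjectPublicKeyInfo rather than cert.Raw), as an added Go example that is not Amfora's code; the store layout, the expiry rule and the self-signed test certificate are assumptions made for the illustration:

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// pin is what the TOFU database remembers per host:port (hypothetical layout, not Amfora's).
type pin struct {
	spkiHash [32]byte  // SHA-256 of cert.RawSubjectPublicKeyInfo, not of cert.Raw
	notAfter time.Time // kept so a renewed key after expiry can replace the pin
}

// TOFUStore keys pins by host:port, so the same host on another port is a separate trust decision.
type TOFUStore struct{ pins map[string]pin }

// SPKIFingerprint hashes only the public key, so a re-issued cert with the same key still matches.
func SPKIFingerprint(cert *x509.Certificate) [32]byte { return sha256.Sum256(cert.RawSubjectPublicKeyInfo) }

// Check applies TOFU: true when a new pin is recorded, nil error when the key matches, error when the key changed while the pinned cert was still unexpired.
func (s *TOFUStore) Check(host, port string, cert *x509.Certificate, now time.Time) (bool, error) {
	k, fp := net.JoinHostPort(host, port), SPKIFingerprint(cert)
	old, seen := s.pins[k]
	if seen && old.spkiHash == fp {
		return false, nil
	}
	if seen && now.Before(old.notAfter) {
		return false, fmt.Errorf("tofu: key for %s changed before the pinned cert expired", k)
	}
	s.pins[k] = pin{spkiHash: fp, notAfter: cert.NotAfter}
	return true, nil
}

// selfSignedCert builds a throwaway self-signed certificate (constructed test input).
func selfSignedCert(host string, validFor time.Duration) *x509.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: host},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(validFor)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	cert, _ := x509.ParseCertificate(der)
	return cert
}

func main() { // stand-alone demo: a never-seen host:port is pinned on first use
	s := &TOFUStore{pins: map[string]pin{}}
	fmt.Println(s.Check("example.org", "1965", selfSignedCert("example.org", 24*time.Hour), time.Now()))
}
```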



